Add no_hmac_verify flag.

Flag to allow empty or wrong hmac in the packet trailer.

Add no_hmac_verify flag.
Flag to allow empty or wrong hmac in the packet trailer.
a62b7c9b · Etienne MARAIS · Juliusz Chroboczek · 1544810a · a62b7c9b · a62b7c9b
Commit a62b7c9b authored Jun 24, 2019 by Etienne MARAIS Committed by Juliusz Chroboczek Aug 05, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 11 deletions

babeld.man babeld.man +5 -0

configuration.c configuration.c +7 -0

interface.c interface.c +2 -1

interface.h interface.h +3 -0

message.c message.c +9 -10

No files found.
--- a/babeld.man
+++ b/babeld.man
@@ -414,6 +414,11 @@ otherwise.
 Send multiple copies of TLVs other than Hellos to all neighbours rather
 than sending a single multicast packet.  The default is false.
 .TP
+.BR no_hmac_verify " {" true | false }
+Do not check packet signatures, accept unsigned or incorrectly signed packets
+even if one or more keys are configured on the interface.  The default is
+.BR false .
+.TP
 .BR rfc6126\-compatible " {" true | false }
 Disable some features that are incompatible with RFC 6126 (the older
 version of the Babel protocol), such as source-specific routing and RTT

--- a/configuration.c
+++ b/configuration.c
@@ -607,6 +607,12 @@ parse_anonymous_ifconf(int c, gnc_t gnc, void *closure,
            if(c < -1)
                goto error;
            if_conf->unicast = v;
+        } else if(strcmp(token, "no_hmac_verify") == 0) { 
+            int v;
+            c = getbool(c, &v, gnc, closure);
+            if(c < -1)
+                goto error;
+            if_conf->no_hmac_verify = v;
        } else if(strcmp(token, "link-quality") == 0) {
            int v;
            c = getbool(c, &v, gnc, closure);
@@ -829,6 +835,7 @@ merge_ifconf(struct interface_conf *dest,
    MERGE(lq);
    MERGE(faraway);
    MERGE(unicast);
+    MERGE(no_hmac_verify);
    MERGE(channel);
    MERGE(enable_timestamps);
    MERGE(rfc6126);

--- a/interface.c
+++ b/interface.c
@@ -396,7 +396,8 @@ interface_updown(struct interface *ifp, int up)

        if(IF_CONF(ifp, unicast) == CONFIG_YES)
            ifp->flags |= IF_UNICAST;
-
+        if(IF_CONF(ifp, no_hmac_verify) == CONFIG_YES)
+            ifp->flags |= IF_NO_HMAC_VERIFY;
        if(IF_CONF(ifp, hello_interval) > 0)
            ifp->hello_interval = IF_CONF(ifp, hello_interval);
        else if(type == IF_TYPE_WIRELESS)

--- a/interface.h
+++ b/interface.h
@@ -53,6 +53,7 @@ struct interface_conf {
    char lq;
    char faraway;
    char unicast;
+    char no_hmac_verify;
    int channel;
    int enable_timestamps;
    int rfc6126;
@@ -84,6 +85,8 @@ struct interface_conf {
 #define IF_TIMESTAMPS (1 << 6)
 /* Remain compatible with RFC 6126. */
 #define IF_RFC6126 (1 << 7)
+/* Packets with a wrong or empty packet trailer are accepted */
+#define IF_NO_HMAC_VERIFY (1 << 8)
 /* Use Babel over DTLS on this interface. */
 #define IF_DTLS (1 << 9)


--- a/message.c
+++ b/message.c
@@ -586,17 +586,16 @@ parse_packet(const unsigned char *from, struct interface *ifp,
        return;
    }

-    if(ifp->key != NULL) {
-	if(check_hmac(packet, packetlen, bodylen, neigh->address,
-		      to) != 1) {
-	    fprintf(stderr, "Received wrong hmac.\n");
-	    return;
-	}
+    if(ifp->key != NULL && !(ifp->flags & IF_NO_HMAC_VERIFY)) {
+        if(check_hmac(packet, packetlen, bodylen, neigh->address, to) != 1) {
+            fprintf(stderr, "Received wrong hmac.\n");
+            return;
+        }

-	if(preparse_packet(packet, bodylen, neigh, ifp) == 0) {
-	    fprintf(stderr, "Received wrong PC or failed the challenge.\n");
-	    return;
-	}
+        if(preparse_packet(packet, bodylen, neigh, ifp) == 0) {
+            fprintf(stderr, "Received wrong PC or failed the challenge.\n");
+            return;
+        }
    }

    i = 0;